1. Introduction
Electronic messaging has now become a vital business tool for communicating both internally and with customers and suppliers. However, because of its flexibility and general availability, the use of electronic messaging carries with it a number of significant risks and all users must remain vigilant and adopt good practice when sending and receiving messages.
Electronic messaging covers email and also various forms of instant and store-and-forward messaging such as SMS texts, messaging apps, web chats and messaging facilities within social media platforms.
This policy document describes how you may use the provided Fiber Group Shpk electronic messaging facilities, including what you must and must not do. It applies to all use of these facilities, whatever the means or location of access, e.g. via mobile devices or outside of the office.
If you do not understand the implications of this policy or how it may apply to you, you should approach your line manager in the first instance.
This control applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Fiber Group Shpk systems.
The following policies and procedures are relevant to this document:
- Acceptable Use Policy
- Internet Acceptable Use Policy
- Information Security Policy
2. Electronic Messaging Policy
Business casual is defined as a Western dress code that is generally considered casual wear but with smart (in the sense of "well dressed") components of a proper lounge suit from traditional informal wear, adopted for white-collar workplaces. This interpretation typically includes a dress shirt, necktie, and trousers, but worn with an odd-colored blazer or a sports coat instead.
2.1 Sending and Receiving Electronic Messages
The organization-provided electronic messaging facilities must always be used when communicating with others on official business. You must not use a personal account for this purpose. Guidelines on the sending of classified information via electronic messaging must be observed at all times. You must never send or receive information (unless authorized to do so) that contains:
- Personally Identifiable Information (PII)
- Cardholder Data (CHD)
All messages sent from an organization account remain the property of Fiber Group Shpk and are considered to be part of the corporate record. All organization messages must be considered to be official communications from the organization and treated accordingly.
The organization maintains its legal right to monitor and audit the use of electronic messaging by authorized users to assess compliance with this policy. This will be done in accordance with the provisions of relevant legislation.
Deletion of a message from an individual account does not necessarily mean that it has been permanently removed from the organization’s IT systems and such messages may still be subject to audit and review.
Users should remain aware that it cannot be guaranteed that a message will be received or read by a recipient and that messages can be interpreted in different ways according to the culture, role and even prevailing mood of the individual reading it. You should therefore at all times consider whether the use of electronic messaging is an appropriate means of conveying the information involved and whether an alternative such as the telephone would be preferable, particularly if the message is urgent or complex.
Particular care must be taken when addressing messages that include classified information to prevent accidental transmission to unauthorized recipients. Beware of the auto-completion feature of some text and email clients where the system suggests recipients based on the characters typed in so far.
Users must avoid sending unnecessary messages to distribution lists, particularly those with wide circulation such as the “global list” of all employees. Where required, such messages should be sent via the organization’s communications department.
Messages from an organization address should be considered in the same way as other more formal methods of communication. Nothing should be sent externally which might affect the organization’s reputation or affect its relationships with suppliers, customers or other stakeholders.
In particular, users must not send messages containing material which is defamatory, obscene, does not comply with the organization’s equality and diversity policy or which a recipient might otherwise reasonably consider inappropriate. If you are not sure whether your intended message falls into this category, please consult your line manager before sending.
Official organization electronic messaging facilities must not be used:
- for the distribution of unsolicited commercial or advertising material, chain letters, or other junk-mail of any kind, to other organizations
- to send material that infringes the copyright or intellectual property rights of another person or organization
- for activities that corrupt or destroy other users’ data or otherwise disrupt the work of other users
- to distribute any offensive, obscene or indecent images, data, or other material, or any data capable of being resolved into obscene or indecent images or material
- to send anything which is designed or likely to cause annoyance, inconvenience or needless anxiety to others
- to convey abusive, threatening or bullying messages to others
- to transmit material that either discriminates or encourages discrimination on the grounds of race, gender, sexual orientation, marital status, disability, political or religious beliefs
- for the transmission of defamatory material or false claims of a deceptive nature
- for activities that violate the privacy of other users
- to send anonymous messages - i.e. without clear identification of the sender
- for any other activities which bring, or may bring, the organization into disrepute
If you receive unsolicited junk messages or spam, it is advised that you delete them without reading them. Do not reply to the message as this can confirm the existence of a valid address to the sender, resulting in further unwanted communications.
2.2 Monitoring of Electronic Messaging Facilities
Electronic messaging usage within the organization system is monitored and recorded centrally in order to:
- plan and manage its resource capacity effectively
- assess compliance with policies and procedures
- ensure that standards are maintained
- prevent and detect crime
- investigate unauthorized use
Monitoring will be undertaken by staff specifically authorized for that purpose. Consistent monitoring procedures will be applied to all users and may include checking the contents of messages.
In the event that a manager suspects that the electronic messaging facilities are being abused by a user, they must contact the IT Manager. All such reports will be investigated according to documented procedures and where appropriate, evidence provided. There may also be a requirement to provide such information to regulatory or legislative bodies in accordance with the law.
Users must not access another user’s electronic messaging account unless they have obtained permission from the owner of the account or their line manager. In such cases this must be for legitimate business reasons and only messages which may reasonably be judged to be relevant to the question in hand must be opened.
All Electronic Messaging Facilities must be controlled by endpoint protection software for Data Loss Prevention. All information such as:
- Credit card formats (Track, PAN, etc.)
- IBAN or bank account details
- Contact details
must be blocked on sending, or the user should be advised that this type of data is kept under strict control (this depends on the agreements with the customer). The following kinds of files must also be controlled as described above:
- Archive
- Image
- Document
- Password-protected Office files
- Database
- Plain text
- Spreadsheet
- Presentation
- Password repository
2.3 Use of Email
In addition to the policy statements in other sections of this document, the following applies specifically to the use of email.
All e-mails sent from organization addresses to recipients outside of the organization will automatically carry the following disclaimer:
“The information contained in this message is intended for the addressee only and may contain classified information. If you are not the addressee, please delete this message and notify the sender; you should not copy or distribute this message or disclose its contents to anyone. Any views or opinions expressed in this message are those of the individual(s) and not necessarily of the organization. No reliance may be placed on this message without written confirmation from an authorized representative of its contents. No guarantee is implied that this message or any attachment is virus free or has not been intercepted and amended.”
Do not use auto-forwarding on emails, e.g. whilst on holiday, if there is a possibility that this may result in classified information being forwarded to a recipient who does not have sufficient security clearance for the level of information involved.
Your mailbox will be set up with a limitation on its size. This is in order to prevent the available storage capacity from being exceeded and to ensure the cost-effective use of email.
You should manage your email account(s) to remain within the mailbox size limit, making use of the archiving facility included in most email clients where possible. If your mailbox has filled up, contact the IT Service Desk for advice in the first instance.
Where possible, make use of links to files within email messages rather than attaching a copy of the file, particularly if the email message has a wide distribution. This will prevent other users’ mailboxes filling up and so avoid consequent disruption.
There is a system-wide size limit on emails of 25Mb. If you need to send a larger email for legitimate business purposes, please use a drive attachment, then contact the IT Service Desk for advice.
Computer viruses, adware and other malware are small programs that can have a negative effect on your computer and your use of the internet and can expose the organization’s information to extreme risk. Such viruses can be inadvertently downloaded and installed via emails received into your inbox. The organization provides anti-virus software which runs on every computer that has access to the network and should detect any viruses before they have been installed.
If you believe you may have a virus or you have been sent an email that may contain one, please report this to the IT Service Desk immediately. Do not open any attachments you believe may contain a virus.
In addition, you must not:
- transmit by email any file attachments which you know to be infected with a virus
- download data or programs of any nature from unknown sources
- disable or reconfigure the installed anti-virus system operating on a computer used to access email facilities
- forward virus warnings other than to the IT Service Desk
If a computer virus is deliberately or accidentally sent to another organization, Fiber Group Shpk could be held liable if the transmission could be considered negligent.